National Vulnerability Database

CVE-2017-13855 Detail

Current Description

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion.

Change History

Initial Analysis - 12/28/2017 11:40:16 AM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | | OR: `*cpe:2.3:a:apple:apple_tv:*:*:*:*:*:*:*:*` versions up to (excluding) 11.2; `*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*` versions up to (excluding) 11.2; `*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*` versions up to (excluding) 10.13.2; `*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*` versions up to (excluding) 4.2 |
| Added | CVSS V2 | | (AV:N/AC:M/Au:N/C:P/I:N/A:N) |
| Added | CVSS V3 | | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| Added | CWE | | CWE-704 |
| Changed | Reference Type | http://www.securityfocus.com/bid/102100 No Types Assigned | http://www.securityfocus.com/bid/102100 Third Party Advisory, VDB Entry |
| Changed | Reference Type | http://www.securitytracker.com/id/1039952 No Types Assigned | http://www.securitytracker.com/id/1039952 Third Party Advisory, VDB Entry |
| Changed | Reference Type | http://www.securitytracker.com/id/1039953 No Types Assigned | http://www.securitytracker.com/id/1039953 Third Party Advisory, VDB Entry |
| Changed | Reference Type | http://www.securitytracker.com/id/1039966 No Types Assigned | http://www.securitytracker.com/id/1039966 Third Party Advisory, VDB Entry |
| Changed | Reference Type | https://support.apple.com/HT208325 No Types Assigned | https://support.apple.com/HT208325 Vendor Advisory |
| Changed | Reference Type | https://support.apple.com/HT208327 No Types Assigned | https://support.apple.com/HT208327 Vendor Advisory |
| Changed | Reference Type | https://support.apple.com/HT208331 No Types Assigned | https://support.apple.com/HT208331 Vendor Advisory |
| Changed | Reference Type | https://support.apple.com/HT208334 No Types Assigned | https://support.apple.com/HT208334 Vendor Advisory |
| Changed | Reference Type | https://www.exploit-db.com/exploits/43318/ No Types Assigned | https://www.exploit-db.com/exploits/43318/ Third Party Advisory, VDB Entry |